Last amendment: 8 August 2023
1. Privacy Mission and Vision
Our Mission: Enable 5CA to navigate a dynamic future in privacy through transparent, ethical, and innovative uses
of personal data. 5CA Privacy Team is a division of the 5CA Legal and Compliance department. We strive to be a valued
partner and advisor to 5CA community by providing guidance and training on privacy laws, policies, and best practices.
Long Term Goals:
- Promulgate privacy by design,
- Build trust as a data steward,
- Manage privacy risk proactively and pragmatically,
- Advocate for the innovative and ethical use of data,
- Be a recognized leader in data privacy.
2. Who are we? Introduction
5CA, whether permanent or temporary and includes freelancers, interns, contractors (“Candidate“); those who
feedback about Candidates (“Reference Contacts“); and anyone who visits this Website (“Website Visitor”)
referred to as “you”, “your”, “yours”.
EK Utrecht and its affiliates and entities that in the later stage of the recruitment, enter into a contractual
relationship with you (“5CA”, “5CA Group” “we”, “us”, “our”). In this regard, further internal policies and
be shared with Candidates and will apply as per the stage of recruitment and the role at 5CA.
“Personal data” means any information relating to an identified or identifiable natural person. For example, we
collect your first, last name and email address which is your personal data as a Candidate.
This also means that from the moment of the collection of your personal data, you are a “Data subject” in the
Privacy Law that applies to you.
5CA places foremost importance on any operation or set of operations performed on
personal data or on sets of personal data, whether by automated means. This is, for example, the collection, use,
recording, disclosure, maintenance, organisation, storage, and deletion of your personal data (“Processing“).
protection and privacy legislation that applies depending on which country or region you apply, contact us, or visit our
website (“Privacy law“).
5CA processes your personal data per general privacy principles of lawfulness, fairness,
transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and
accountability that arise from the GDPR and similar privacy principles that come from the applicable Privacy law.
3. Which personal data do we collect and why?
We will process personal data for the purposes as stated below:
|Data subject||Personal data||Purpose||Legal ground|
Depending used Cookies:
You can freely customize your data per use/purpose via our Cookie settings by clicking the cookie icon or
||Performance of a contract and consent if you voluntarily provide sensitive personal data.|
||Legitimate Interest or if necessary for a legal obligation.|
||Legitimate interest and consent (if sensitive personal data collected).|
||Performance of a contract and if necessary for a legal obligation.|
4. Legal basis
We may process your personal data as stated above to perform necessary precontractual activities to sign the contract
between Candidate and 5CA. In such a case, we must process Candidate’s personal data to fulfill the contract (Art.
6(1)(b) GDPR). If the opposite is the case, it will not be possible for you and us to perform the necessary
precontractual activities to hire you.
Based on Article 6(1)(f) of the GDPR, we may process your personal data for the legitimate interests of 5CA which are
the background checks (excluding the background checks needed by local laws applicable to Candidate) and the necessary
assessments of your eligibility per Candidate’s position.
Failure to process this data constitutes the impossibility to proceed with your application. You have the
right to object under Article 21 of the GDPR.
Based on Article 6(1)(a) of the GDPR, we may process your personal data based on prior, freely given, informed,
unambiguous and specific consent. You are free to provide your consent and have the right to withdraw it at any time.
Right to withdraw consent
You can withdraw your consent at any time by sending a request to firstname.lastname@example.org. If you change your decision, it will
not affect the lawfulness of processing your personal data based on consent before its withdrawal. This means we will
not further process your personal data from the moment of withdrawal, but the processing activities performed beforehand
will still be legitimate.
Necessary for a legal obligation
To comply with our legal obligations, 5CA may process your personal data for such purposes particular, in case your
personal data are subject to a conflict to which we are a party, we might need to process and disclose your personal
data to authorities and persons we require to use our right to defence such as attorneys, experts and courts. We may
process your personal data to fulfil these legal liabilities and to use our right to defence. We also use this legal
ground to process your personal data at the end of the application process where additional details and documents are
needed to start and proceed with the onboarding process.
5. Reference Contact
If Candidate provides Reference Contacts’ personal data to us, Candidate hereby accepts and guarantees that they
disclose the data of the reference contact in a CV or similar resources with 5CA pursuant to the knowledge and consent
of the relevant Reference Contact, and all responsibility will belong to Candidate if the Reference Contact requests and
6. Retention Periods
5CA gives utmost importance on not keeping your personal data longer than necessary. To ensure that personal data is
kept for no longer than necessary, we apply retention periods concerning the category, sensitivity and the purpose of
personal data processed. This also depends on the stage of your recruitment, in particular, when you are rejected or
accepted, consent you have given to 5CA, as well as 5CA’s legitimate interests and legal obligations of local affiliates
and subsidiaries. When you accept the job offer, the retention periods will correspond to the contract you will sign,
Where technically possible we set automated retention periods so after a reasonable period your personal data will be
anonymized or deleted. The established retention periods are reviewed and updated regularly.
7. Sharing personal data with third parties
Personal data of Candidates is provided to parties that assist 5CA in the recruitment process and to 5CA affiliates and
subsidiaries for which Candidate will perform future’s contractual activities. The parties that assist 5CA in the
recruitment process are the Recruitment Management Platform vendor used to centrally manage your application process and
the parties that assist in performing eligibility, language, skills assessments, and other types of necessary checks per
certain role. When Candidate or Reference Contact contacts us via recruitment platforms such as LinkedIn or email, the
providers of those platforms will process personal data as per activities via the registered account on such platforms.
Data of Website
Visitors (if it constitutes personal data) is hosted by our website hosting provider and processed as per
Section 10. All the above-mentioned parties use their own systems and vendors to support performing the service for the
purposes listed above.
8. Data transfers, storage, and processing globally
Most of the parties provided in Section 6 are located in the European Economic Area (“EEA“), in particular – in
the Netherlands and some may be located outside of the European Economic Area, for example, in United States, United
Kingdom, Argentina, Uruguay, Hong Kong, South Africa, Ukraine, Philippines, Turkey. This will also depend on which of
our affiliate or subsidiary you apply to. Where your personal data is stored outside the EEA, and when such a country
does not have any binding adequacy decisions from the European Commission (such decisions guarantee your data is safely
sent outside EEA), we will ensure an appropriate level of protection for the data transferred by providing adequate
contractual (such as Standard Contractual Clauses), organizational and technical safeguards (jointly referred to as
“adequate safeguards“). We also require vendors to act appropriately to protect the confidentiality and security
of personal data, especially for your personal data processed outside EEA. You can ask for a copy of such adequate
safeguards via email@example.com
9. How do we protect your information?
We have implemented commercially reasonable technical, organizational and security measures designed to protect your
personal data. Ensuring the security of your personal data is particularly important to us, which is why we have taken
different technical and organizational measures to ensure this. In particular:
recruiters, hiring managers, maintenance, and security teams on a need-to-know basis and who are required to keep
the information confidential as per Zero Trust approach. In addition, the information is encrypted with Secure
Socket Layer (SSL) technology,
safety of your personal data.
As the security of information depends in part on the security of the computer, device, or network you use to
communicate with us and the security you use to protect your user IDs and passwords, please make sure to respond
appropriately to protect the information you send us as well.
10. Which cookies do we use?
Cookies and similar tracking technologies, such as beacons, scripts, web beacons and tags (which together we refer to as
“cookies”), are small bits of text, usually stored on a user’s computer hard drive or within a browser. They enable this
Website and/or other websites which can recognise a cookie to remember information about the user’s visit to that
Cookies are used to make the Website work, or work more efficiently, and to provide information to the Website’s owners.
Such information may be used to provide a more personalized and responsive service. Cookies may be either first-party
cookies set directly by us to your device, or third-party cookies set by a third-party provider on our behalf. When you
use this Website, information may be collected through cookies and other technologies.
11. Your privacy rights
the applicable supervisory authority or to seek a remedy through the courts,
European Economic Area and adequate safeguards we use for these data transfers,
data controller, in a commonly used, machine-readable format,
the purposes for which it was collected, or when, among other things, your personal data has been unlawfully
processed. However, please keep in mind that we may not delete all your personal data as we may still need to keep
it for our legitimate purposes such as establishment, exercise and defence of legal claims,
There are exceptions to this right, so that access may be denied if, for example, it does infringe upon the rights
and freedom of others or if we are legally prevented from disclosing such information,
transfer of your personal data, you have the right to withdraw your consent fully or partly. Once we have received
notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to
which you originally consented. This means we will not further process your personal data from the moment of
withdrawal, but the processing activities performed beforehand will still be legitimate.
You can exercise your rights by submitting a request to firstname.lastname@example.org
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request
promptly in accordance with applicable law or inform you if we require further information to fulfil your request. When
processing your request, we may ask you for additional information to confirm or verify your identity and for security
purposes before processing and/or honouring your request. We reserve the right to charge a fee where permitted by law,
for instance, if your request is manifestly unfounded or excessive. In the event that your request would adversely
affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if
we are legally entitled to deal with your request in a different way than initially requested, we will address your
request to the maximum extent possible, all in accordance with applicable law.
privacy statement. You can track the changes by checking the data on the top of this page.
13. Contact information
You are welcome to contact the Privacy Team (email@example.com) for any questions, comments, and requests regarding